#!/usr/bin/env nix-shell #!nix-shell -i zsh --packages rsync zsh setopt ERR_EXIT NO_UNSET PIPE_FAIL # load module to parse command line arguments zmodload zsh/zutil # parse any possible additional drive declarations zparseopts -D -E -A opts -- -skip-disko h x # enable XTRACE shell option for full debugging output of scripts if (( ${+opts[-x]} )); then set -x fi DIR="${0:h}" TARGET_HOST="${1:-}" if [[ -z "${TARGET_HOST}" ]] || (( ${+opts[-h]} )); then <<EOF >&2 usage: ${0:t} [ --skip-disko ] [ -h ] [ -x ] host --skip-disko skip running presumably already run disko step -h this message -x enable shell debug host the host to install from our flake EOF exit 1 fi if [[ "${USERNAME}" != "nixos" ]]; then echo "ERROR! ${0:t} should be run as the nixos user from a NixOS installer." >&2 exit 1 fi if [[ -z "$TARGET_HOST" ]]; then echo "ERROR! ${0:t} requires a hostname as the first argument." >&2 exit 1 fi if [[ ! -e "${DIR}/../hosts/${TARGET_HOST}/disks.nix" ]]; then echo "ERROR! ${0:t} could not find the required ${DIR}/../hosts/${TARGET_HOST}/disks.nix." >&2 exit 1 fi # Check if the machine we're provisioning is using an encrypted pool. # If it does, prompt for the passphrase, and write to a known location. if grep -q "data.keyfile" "${DIR}/../hosts/${TARGET_HOST}/disks.nix"; then while true; do echo -en "\n${TARGET_HOST} uses ZFS encryption. Enter a passphrase to encrypt your pool: " read -s pass echo if [[ "${#pass}" -lt 8 ]]; then echo 'ERROR! Passphrase must be at least 8 characters.' >&2 continue fi echo -n "Re-enter passphrase: " read -s pass2 echo if [[ "${pass}" != "${pass2}" ]]; then echo 'ERROR! Passphrases must match.' >&2 continue else break fi done echo -n "${pass}" > /tmp/data.keyfile && chmod 00600 /tmp/data.keyfile fi <<EOF ++++++++ The disk(s) in ${TARGET_HOST} are about to get wiped! WARNING! NixOS will be re-installed on ${TARGET_HOST}. ++++++++ This is a destructive operation!!! EOF read -q '?Are you sure? [y/N] ' echo if [[ "${REPLY}" == "y" ]]; then sudo true if (( ! ${+opts[--skip-disko]} )); then sudo nix run github:nix-community/disko \ --extra-experimental-features "nix-command flakes" \ --no-write-lock-file \ -- \ --mode zap_create_mount \ "${DIR}/../hosts/${TARGET_HOST}/disks.nix" fi # rsync NixOS configuration to target host file system and install the system if [[ ! -d /mnt/etc/nixos ]]; then sudo mkdir -p /mnt/etc/nixos fi sudo rsync -a --delete --exclude .git "${DIR}/.." /mnt/etc/nixos cd /mnt/etc/nixos sudo nixos-install --flake ".#${TARGET_HOST}" if [[ "${?}" -eq 0 ]]; then cd for i in $(awk -F: '{if ($3 >= 1000 && $3 <= 30000) print $1}' /mnt/etc/passwd); do read -q "?Do you want to set a password for the user ${i}? [y/N] " echo if [[ "${REPLY}" == "y" ]]; then sudo chroot /mnt /$(find /mnt/nix/store/*-shadow-*/bin/passwd -executable -name passwd | cut -d/ -f3-) ${i} fi echo done echo 'Unmounting file systems...' >&2 mount | grep -v zfs | awk '$3 ~ /^\/mnt\// {print $3}' | xargs -i{} sudo umount -lf {} echo 'Unmounting ZFS file systems...' >&2 while ! sudo umount -t zfs -a; do echo 'attempting to umount all ZFS file systems' >&2; sleep 1; done echo 'Exporting zpool...' >&2 while ! sudo zpool export -a; do echo 'attempting to export all zpools' >&2; sleep 1; done echo 'Type reboot when ready.' >&2 fi fi